What is “personal information”?
- Personal information” is information which relates to a living individual who can be identified from that information, or from that information and other information in a person’s possession, including any expression of opinion, whether true or not, and whether recorded in material form or not, about an identified or reasonably identified individual, and any indication of intention in respect of an individual.
What personal information do we collect?
- Generally, the type of personal information we collect about you is the information that is needed to facilitate your stay on Magnetic Island including travel arrangements, bookings and to organise the provision of related products and services on your behalf. For example, we may collect details such as your name, residential address, mailing address, telephone number, email address, credit/debit card details (including card type, card number, security number and expiry date), and other details relevant to your stay or required by third parties providers (e.g. airlines, accommodation and tour providers).7. When you make contact with us for other purposes, we may also collect personal information about you in relation to those purposes. For example, we may collect your personal information so we can contact you about a competition you have entered (e.g. if you win) or to respond to an enquiry or feedback form you have sent to us. We also collect information that is required for use in the business activities of DJ’S CASTLE (QLD) PTY LTD, including for example, financial details necessary in order to process various transactions, and any other relevant personal information you may elect to provide to us.
8. We also collect information about how you use our products, including transaction and payment information, details of any contact you have with our staff and information regarding your internet activity (including your location) when you use our websites or online services.
How do we collect personal information?
- We will ordinarily collect personal information about you directly from you or where it is provided to us. For example, we collect personal information directly from you through forms you fill out when contacting us, signing up for our email communication, requesting a quote, using our online chat service, entering a competition, making a booking or through your ongoing interaction with us.10. When you call us on the telephone, we may monitor and in some cases record the telephone conversation for staff training and record-keeping purposes. Further, when we communicate with you by email or via online chat, we may keep a copy of our correspondence and use technology to identify you so that we will be in a position to know when you have opened the email or clicked on a link in the email.
Why do we collect personal information?
- The collection, holding and use of your personal information is necessary for us to provide you with advice relating to holidaying on Magnetic Island and/or to assist you with booking accommodation on Magnetic Island, travelling to and from Magnetic Island and/or booking restaurants, activities, products and other services related to your stay on Magnetic Island including:
- managing your reservation;
- sending you information;
- developing, improving and marketing our products and services;
- servicing our relationship with you by, among other things, providing updates on promotions, products and services we think may interest you;
- involving you in market research, gauging customer satisfaction and seeking feedback regarding our relationship with you;
- for marketing activities including but not limited to mail-outs, emails, e-newsletters, SMS notifications and telephone calls;
- responding to your questions;
- solving your problems; and
- verifying your identity.
- If you contact us for a quote or information about our products and you decide not to holiday with us, we may keep your details on file to let you know about future offers.
Is personal information disclosed to third parties?
- as permitted or required by law;
- to various regulatory bodies and law enforcement officials and agencies, including to protect against fraud and for related security purposes;
- to third party suppliers of IT based solutions that assist us in providing products and services to you;
- to comply with a request from a qualified government department if we are satisfied that they have the authority to make such request;
- where we suspect that unlawful activity has been or may be engaged in and the personal information is a necessary part of our investigation or reporting of the matter;
- to third parties who may involve you in market research for the purpose of servicing our relationship with you and improving the products and services we provide; and
- to third parties for the purpose of analysing trends in sales and travel destinations.
How long do you keep personal information?
- We are only allowed to store your personal information for as long as necessary having regard to the purpose for which it was collected or a related or ancillary purpose. We may therefore delete your personal information after a reasonable period of time and, if you have not used our products and services for some time, you may have to re-enter or re-supply your personal information to us.19. Sensitive personal information will only be kept in accordance with the conditions you consent to at the time of collection or as otherwise required by law.
Is sensitive personal information treated differently under your policy?
- Yes. Sensitive personal information (as defined in the legislation) will only be collected directly from you. The use and disclosure of sensitive personal information will only be in accordance with the conditions you consent to at the time of collection or as otherwise required by law.
Dealing with us anonymously or using a fake name
- We will generally need to know who you are in order to provide you with our products and services. Despite this, in some circumstances you are entitled to deal with us anonymously, or by using a pseudonym (fake name), for example when making general enquiries about the services we offer. You must tell us when you are using a pseudonym when applying for our services. If we need to identify you, we will tell you whether or not your real name is required to access those services.22. In some circumstances, you may receive a better service or response if we know who you are. For example, we can keep you up-to-date and better understand a complaint you might have if we know who you are and the circumstances of your complaint.
Do you ever send me advertising materials?
- From time to time, we may use your personal information to let you know about new developments, Magnetic Island information and special offers that may interest you. We may also let you know about products and services from our partners but we will not pass your personal information to them or sell it to third parties.
What if I don’t want to receive advertising materials?
- That’s absolutely fine. Just let us know by emailing firstname.lastname@example.org
Online links to Third Party and Co-Branded sites
28. Cookies can help us make your experience of our websites more relevant, and they can also help us learn about how people use our websites (and therefore help make it better).
29. Most web browsers are set to accept cookies, but you can always change your computer settings to stop them. If you choose to do that, you may not be able to take full advantage of our online services.
3rd Party Tracking
How do we store personal information?
- We store your personal information in a number of ways including:
- on secure servers;
- in electronic systems and devices;
- in telephone recordings;
- in paper files; and
- document retention services off-site.
- This may include storage on our behalf by third party service providers. See our comments below about how we protect your information.
How do we protect personal information?
- DJ’S CASTLE (QLD) PTY LTD has implemented various physical, electronic and managerial security procedures in order to protect personal information from loss and misuse, and from unauthorised access, modification, disclosure and interference.36. If we no longer require your personal information, we will take reasonable steps to destroy or de-identify it unless we are required to keep it by law.
Are my online transactions secure?
- Whilst we take reasonable measures, no data transmission over the Internet can be guaranteed as fully secure and accordingly, we cannot guarantee or warrant the security of any information you send to us using our online forms or products. You submit information over the Internet at your own risk.38. With respect to online payments, we use a Secure Socket Layer (SSL), which scrambles your data to make it unreadable by third parties. It does this by:
- Server authentication: the web server sends a digital certificate to your computer so that you can be sure of its identity (and know that the transaction is protected – you’ll see a lock symbol on the bottom right of the browser window).
- Client authentication: your computer authenticates itself to the server by showing its digital signature.
- Encryption: during the internet connection, data that’s transferred from your computer to the server is scrambled, so that only your computer and the server can understand the contents of the transaction. This prevents other internet users from intercepting the information sent.
- See our comments above regarding the websites of third parties including those that are linked to our websites.
Can I access and if necessary correct my personal information?
- On request, we will provide you with access to the information we hold about you, including for the purpose of correcting or updating that information, unless there is an exception which applies under the Australian Privacy Principles.41. Your request to provide access to this information will be dealt with within a reasonable time.
42. If we refuse to provide you with access to, or correct, the information, we will notify you of our reasons for the refusal to the extent required and how you may complain about the refusal.
43. If there is a denial of access to your personal information or a dispute as to the correctness of any personal information held, we will provide you with reasons for the denial or its refusal to correct the personal information. If you disagree with our decision for the denial or refusal to correct the personal information, we will notify you of our reasons for the refusal to the extent required and how you may complain about the refusal.
- We take privacy concerns seriously, and we’ll work to address any problems we become aware of. If you have any further questions, concerns or wish to make a complaint about the way we manage your personal information, please email us on email@example.com
- We are committed to resolving any issue you may have as quickly as possible. We aim to respond to all complaints within 5 working business days; however timeframes may be longer depending on the nature of the complaint.46. If your complaint is not resolved to your satisfaction through the internal procedures outlined above, you may elect to contact the Office of the Australian Information Commissioner (OAIC): GPO Box 5218 Sydney NSW 2001 Phone: 1300 363 992 Email: firstname.lastname@example.org www.oaic.gov.au